From 71729eb0a8b636862e2a0fcaf821a9084daadc4d Mon Sep 17 00:00:00 2001 From: Sam Zackrisson Date: Mon, 9 Jul 2018 16:06:28 +0200 Subject: [PATCH] Fix fuzzer-found flow-over in AGC1 This CL changes a constant from an approximately correct limit of 2^25.5. The new limit is the largest x such that z = 10 satisfies: ((x >> z) + 1)^2 <= 2^31 - 1. If gains[k + 1] > x, then z >= 11 and needs to be computed. Bug: chromium:860638 Change-Id: If17f257dacd94806e59e4f32b345a5fb15b4e32b Reviewed-on: https://webrtc-review.googlesource.com/87583 Reviewed-by: Alex Loiko Commit-Queue: Sam Zackrisson Cr-Commit-Position: refs/heads/master@{#23908} --- modules/audio_processing/agc/legacy/digital_agc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/audio_processing/agc/legacy/digital_agc.c b/modules/audio_processing/agc/legacy/digital_agc.c index f3c1cf74fd..7801196a4c 100644 --- a/modules/audio_processing/agc/legacy/digital_agc.c +++ b/modules/audio_processing/agc/legacy/digital_agc.c @@ -467,9 +467,10 @@ int32_t WebRtcAgc_ProcessDigital(DigitalAgc* stt, // Limit gain to avoid overload distortion for (k = 0; k < 10; k++) { - // To prevent wrap around + // Find a shift of gains[k + 1] such that it can be squared without + // overflow, but at least by 10 bits. zeros = 10; - if (gains[k + 1] > 47453132) { + if (gains[k + 1] > 47452159) { zeros = 16 - WebRtcSpl_NormW32(gains[k + 1]); } gain32 = (gains[k + 1] >> zeros) + 1;